200-301 Question #640: Real Exam Question with Answer & Explanation

The correct answer is D: username localuser secret plaintextpassword. To secure the console port with local authentication using a username and password, one must first define the local user with the username command.

Submitted by deeparc· Mar 5, 2026Security Fundamentals

Question

After a recent security breach and a RADIUS failure, an engineer must secure the console port of each enterprise router with a local username and password. Which configuration must the engineer apply to accomplish this task?

Options

Aaaa new-model
Baaa new-model
Cusername localuser secret plaintextpassword
Dusername localuser secret plaintextpassword

Explanation

To secure the console port with local authentication using a username and password, one must first define the local user with the username command.

Common mistakes.

A. aaa new-model enables the AAA framework, but it does not directly create a local user or apply it to the console port in the most basic scenario.
B. aaa new-model enables the AAA framework, which is for more advanced authentication schemes, but it's not the direct command to create a local user for console access.
C. This choice is identical to D, which is the correct answer.

Concept tested. Local user configuration for console access

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-3s/sec-usr-aaa-xe-3s-book/sec-usr-aaa-loc.html

Topics

#Cisco local authentication#Console port security#Router security

Community Discussion

No community discussion yet for this question.

Full 200-301 Practice Browse All 200-301 Questions